[<prev] [next>] [day] [month] [year] [list]
Message-ID: <04F92BA33955D51195B700508B4AB6E916441FF0@dslak12.dnznet.co.nz>
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK))
Subject: Re: Microsoft Coding / National Security Ri
sk
> also sprach Richard Hatch <r.hatch@...s.qinetiq.com>
> [2004.03.24.1110 +0100]:
> > Take a team of really really good C/C++ coders with
> excellent security
> > vulnerability knowledge and have them go through the source
> code for
> > windows (starting with the core functionality and internet facing
> > functionality maybe). Find these bugs (including
> methodical black-box
> > testing against the binaries) and fix them.
>
> You will have a hard time, given the patched OS that Windoze is.
> Where design is flawed you can't add security.
Seems to me that common consensus is that the Windows design is actually
relatively good - it is the implementation that is the problem.
Powered by blists - more mailing lists